
9 matches found

CVE
added 2026/03/05 5:54 a.m., 6 views

CVE-2026-28061

CVE-2026-28061 is a Local File Inclusion vulnerability in the ThemeREX Tiger Claw WordPress theme, affecting versions up to and including 1.1.14. The issue stems from improper control of filenames in Include/Require statements, enabling PHP Local File Inclusion. Public references in the connected...

CVSS 8.1, AI score 5.9, EPSS 0.00172
Exploits 0, References 1
RedhatCVE
added 2025/11/28 4:57 a.m., 7 views

CVE-2025-13680

The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the plugin allowing a user to update the user role through the $user-setrole function. This makes it possible for authenticated attackers, with Subscriber-level access...

CVSS 8.8, AI score 5.8, EPSS 0.00056
Exploits 0, References 1
Patchstack
added 2025/11/27 8:2 a.m., 6 views

WordPress Tiger Premium theme <= 101.2.1 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by István Márton - Wordfence in WordPress Theme Tiger versions <= 101.2.1...

CVSS 8.8, AI score 7, EPSS 0.00056
Exploits 0, References 1, Affected Software 1
Cvelist
added 2025/11/27 4:36 a.m., 5 views

CVE-2025-13680 Tiger <= 101.2.1 - Authenticated (Subscriber+) Privilege Escalation

The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the plugin allowing a user to update the user role through the $user-setrole function. This makes it possible for authenticated attackers, with Subscriber-level access...

CVSS 8.8, EPSS 0.00056
Exploits 0, References 2
CVE
added 2025/11/27 4:36 a.m., 9 views

CVE-2025-13675

CVE-2025-13675 affects the Tiger WordPress Theme (pre-101.2.2; WordPress Tiger 101.2.1 and earlier). The root cause is in paypal-submit.php, which does not restrict registration roles, allowing unauthenticated attackers to set administrator during signup. Impact is unauthenticated privilege escal...

CVSS 9.8, AI score 5.8, EPSS 0.00184
Exploits 0, References 2
Cvelist
added 2025/05/19 7:59 p.m., 26 views

CVE-2025-31027 WordPress Tiger theme <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jocoxdesign Tiger tiger allows Reflected XSS. This issue affects Tiger: from n/a through 2.0...

CVSS 7.1, EPSS 0.00387
Exploits 0, References 1
CVE
added 2025/04/04 1:24 p.m., 52 views

CVE-2025-31407

CVE-2025-31407 affects the Tiger software (up to version 2.0). The connected data indicates an authenticated (Subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Tiger, caused by improper input neutralization during web page generation. The CVSS v3.1 base metrics are: Score 6.5 (Mediu...

CVSS 6.5, AI score 7.1, EPSS 0.00237
Exploits 0, References 1
Vulnrichment
added 2025/04/04 1:24 p.m., 11 views

CVE-2025-31407 WordPress Tiger theme <= 2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hutsixdigital Tiger allows Stored XSS. This issue affects Tiger: from n/a through 2.0...

CVSS 6.5, AI score 7, EPSS 0.00237
Exploits 0, References 1
Patchstack
added 2023/09/29 12:0 a.m., 11 views

WordPress Tiger Forms Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)

Software: Tiger Forms
Type: Plugin
Vulnerable versions: <= 2.0.0
Fixed in: 2.1.0
OWASP Top 10: A3: Injection
Classification: Cross Site Scripting (XSS)
CVE: CVE-2023-44474
Patch priority: Medium
CVSS severity: Medium (7.1)
PSID: 5fe0f3839101
Credits: SeungYongLee
Required privilege...

CVSS 7.1, AI score 6.5, EPSS 0.00083
Exploits 0, References 2, Affected Software 1